I'm a bit new to Debian/Linux and would like to set up a DSL Router on Debian for about 10 WinXP PCs.
I successfully set up the PPPOE Connection to my Provider. Now I additionally need a DHCP Server running on Debian and I need to get it working that the other 10 WinXP Clients have access to the internet.
I'm sorry but I'm a little bit lost right now. What do I have to do to get this working?
In addition to dhcp you need ip-masquerade and I would suggest a firewall as well. Do apt-get install dhcp ipmasq . You will need to ip-forward and the easiest way is to get a firewall with all this built in and I suggest a visit to;
It looks very daunting because at first sight it appears to be very long. However that's because it covers 2.0 2.2 and 2.4 kernels all at the same time, plus there's some troubleshooting stuff at the end padding it out somewhat.
The howto is actually very short, when you take this into account. I recommend it highly. If you don't need to recompile your kernel, it will only take you ten minutes. Even if you need to recompile, it tells you exactly what options you need.
It also includes a sample firewall, which is very good (as in secure).
DHCP is very very easy. You just need to apt-get install dhcp and configure it. You can do this by man dhcpd.conf or you can copy this one and modify it to your tastes (you must fill in your own dns servers here at the very least):
The advantage of this config is it forwards the dns info to the clients, meaning no config is necessary on the clients except to select "obtain an IP address automatically"
#!/bin/sh
#
# rc.firewall-2.2
#
# - Initial SIMPLE IP Masquerade test for 2.1.x and 2.2.x kernels
# using IPCHAINS.
#
# Once IP Masquerading has been tested, with this simple
# ruleset, it is highly recommended to use a stronger
# IPTABLES ruleset either given later in this HOWTO or
# from another reputable resource.
FWVER="1.22"
#
# 1.22 - ruleset now uses modprobe instead of insmod
# 1.21 - Added clarification that PPPoE users need to use
# "ppp0" instead of "eth0" for their external interface
# 1.20 - Updated the script to use environment vars
# 1.01 - Original version
echo -e "\n\nLoading simple rc.firewall-2.2 : version $FWVER..\n"
# The location of the ipchains and kernel module programs
#
# If your Linux distribution came with a copy of ipchains,
# most likely all the programs will be located in /sbin. If
# you manually compiled ipchains, the default location will
# be in /usr/local/sbin
#
# ** Please use the "whereis ipchains" command to figure out
# ** where your copy is and change the path below to reflect
# ** your setup
#
IPCHAINS=/sbin/ipchains
#IPTABLES=/usr/local/sbin/ipchains
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe
#Setting the EXTERNAL and INTERNAL interfaces for the network
#
# Each IP Masquerade network needs to have at least one
# external and one internal network. The external network
# is where the NATing will occur and the internal network
# should preferably be addressed with a RFC1918 private addressing
# scheme.
#
# For this example, "eth0" is external and "eth1" is internal"
#
# NOTE: If this doesnt EXACTLY fit your configuration, you must
# change the EXTIF or INTIF variables above. For example:
#
# If you are a PPPoE or analog modem user:
#
# EXTIF="ppp0"
#
# ** Please change this to reflect your specific configuration **
#
EXTIF="ppp0"
INTIF="eth0"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"
# Network Address of the Internal Network
#
# This example rc.firewall file uses the 192.168.0.0 network
# with a /24 or 255.255.255.0 netmask.
#
# ** Change this variable to reflect your specific setup **
#
INTLAN="192.168.1.0/150"
echo -e " Internal Interface: $INTLAN\n"
# Load all required IP MASQ modules
#
# NOTE: Only load the IP MASQ modules you need. All current IP MASQ modules
# are shown below but are commented out from loading.
echo " loading required IPMASQ kernel modules.."
# Needed to initially load modules
#
$DEPMOD -a
echo -en " Loading modules: "
# Supports the proper masquerading of FTP file transfers using the PORT method
#
echo -en "FTP, "
$MODPROBE ip_masq_ftp
# Supports the masquerading of RealAudio over UDP. Without this module,
# RealAudio WILL function but in TCP mode. This can cause a reduction
# in sound quality
#
#echo -en "RealAudio, "
$MODPROBE ip_masq_raudio
# Supports the masquerading of IRC DCC file transfers
#
echo -en "Irc, "
$MODPROBE ip_masq_irc
# Supports the masquerading of Quake and QuakeWorld by default. This modules is
# for for multiple users behind the Linux MASQ server. If you are going to
# play Quake I, II, and III, use the second example.
#
# NOTE: If you get ERRORs loading the QUAKE module, you are running an old
# ----- kernel that has bugs in it. Please upgrade to the newest kernel.
#
#echo -en "Quake, "
#Quake I / QuakeWorld (ports 26000 and 27000)
#$MODPROBE ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
$MODPROBE ip_masq_quake 26000,27000,27910,27960
# Supports the masquerading of the CuSeeme video conferencing software
#
#echo -en "CuSeeme, "
#$MODPROBE ip_masq_cuseeme
#Supports the masquerading of the VDO-live video conferencing software
#
#echo -en "VdoLive "
#$MODPROBE ip_masq_vdolive
echo ". Done loading modules."
#CRITICAL: Enable IP forwarding since it is disabled by default since
#
# Redhat Users: you may try changing the options in
# /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
echo " enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward
#CRITICAL: Enable automatic IP defragmenting since it is disabled by default
# in 2.2.x kernels. This used to be a compile-time option but the
# behavior was changed in 2.2.12
#
echo " enabling AlwaysDefrag.."
echo "1" > /proc/sys/net/ipv4/ip_always_defrag
# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this
# following option. This enables dynamic-ip address hacking in IP MASQ,
# making the life with Diald and similar programs much easier.
#
#echo " enabling DynamicAddr.."
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# Enable the LooseUDP patch which some Internet-based games require
#
# If you are trying to get an Internet game to work through your IP MASQ box,
# and you have set it up to the best of your ability without it working, try
# enabling this option (delete the "#" character). This option is disabled
# by default due to possible internal machine UDP port scanning
# vulnerabilities.
#
#echo " enabling LooseUDP.."
#echo "1" > /proc/sys/net/ipv4/ip_masq_udp_dloose
#Clearing any previous configuration
#
# Unless specified, the defaults for INPUT and OUTPUT is ACCEPT
# The default for FORWARD is REJECT
#
echo " clearing any existing rules and setting default policy.."
$IPCHAINS -P input ACCEPT
$IPCHAINS -P output ACCEPT
$IPCHAINS -P forward REJECT
$IPCHAINS -F input
$IPCHAINS -F output
$IPCHAINS -F forward
# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
#
echo " setting default timers.."
$IPCHAINS -M -S 7200 10 160
# DHCP: For people who receive their external IP address from either DHCP or
# BOOTP such as ADSL or Cablemodem users, it is necessary to use the
# following before the deny command.
#
# This example is currently commented out.
#
#
#$IPCHAINS -A input -j ACCEPT -i $EXTIF -s 0/0 67 -d 0/0 68 -p udp
# Enable simple IP forwarding and Masquerading
#
# NOTE: The following is an example for an internal LAN address in the
# 192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask
# connecting to the Internet on interface eth0.
#
# ** Please change this network number, subnet mask, and your Internet
# ** connection interface name to match your internal LAN setup
#
echo " enabling IPMASQ functionality on $EXTIF"
$IPCHAINS -P forward DENY
$IPCHAINS -A forward -i $EXTIF -s $INTLAN -j MASQ
echo -e "\nrc.firewall-2.2 v$FWVER done.\n"
I created it in /etc/init.d/
My resolv.conf is
Code:
nameserver 192.168.1.0
Or should that be the nameserver of the provider?
However if I try to execute rc.firewall-2.2 the following error occurs:
./rc.firewall-2.2
: Bad interpreter : No such file or directory
Btw. thanks a lot for all your help guys, I really appreciate it!
2. This following section doesn't seem to match what you told us:
# NOTE: If this doesnt EXACTLY fit your configuration, you must
# change the EXTIF or INTIF variables above. For example:
#
# If you are a PPPoE or analog modem user:
#
# EXTIF="ppp0"
#
# ** Please change this to reflect your specific configuration **
#
EXTIF="ppp0"
INTIF="eth0"
I thought you wanted:
EXTIF="eth1"
INTIF="eth0"
3. Did you write in this "150"? I would have thought you wanted "24"
INTLAN="192.168.1.0/150"
4. Nota Bene:
# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this
# following option. This enables dynamic-ip address hacking in IP MASQ,
# making the life with Diald and similar programs much easier.
#
#echo " enabling DynamicAddr.."
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
If you get your IP from your ISP using DHCP you will want to uncomment this.
And also the following:
# DHCP: For people who receive their external IP address from either DHCP or
# BOOTP such as ADSL or Cablemodem users, it is necessary to use the
# following before the deny command.
#
# This example is currently commented out.
#
#
#$IPCHAINS -A input -j ACCEPT -i $EXTIF -s 0/0 67 -d 0/0 68 -p udp
I'm not sure which line gave you an error. My first guess is there is no ppp0 device on your machine, so once you amend that to eth1 you should be ok. Alternatively, maybe one of the files in /proc/... is missing (indicating that you don't have that appropriate option in the kernel). Did you check your kernel for compatibility as described in the first section of the HOWTO?
First off, I suggest you correct all of the above and try again.
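The /150 versus /24 point raised above, as an added example that is not part of the original thread or of the HOWTO script: the number after the slash counts netmask bits (0 to 32), so a DHCP pool size or last-host number cannot go there. The function names are hypothetical, and 192.168.1.150 as a DHCP pool end is an assumed value.

```shell
#!/bin/sh
# Added example: pre-flight check for the INTLAN value in rc.firewall-2.2.
# ip_to_int, check_intlan and ip_in_intlan are hypothetical helper names.

# Print a dotted quad as an integer; fail unless it is four octets 0-255.
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) [ "$octet" -le 255 ] || return 1 ;;
            *) return 1 ;;
        esac
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed only if $1 is a network address in a.b.c.d/prefix form, prefix 0-32.
# Leaves the parsed values in the globals "prefix" and "net".
check_intlan() {
    case $1 in */*) ;; *) return 1 ;; esac
    prefix=${1#*/}
    case $prefix in [0-9]|[12][0-9]|3[0-2]) ;; *) return 1 ;; esac
    net=$(ip_to_int "${1%/*}") || return 1
    # Host bits below the prefix must be zero for a network address.
    [ $(( net & ((1 << (32 - prefix)) - 1) )) -eq 0 ]
}

# Succeed if host address $1 lies inside network $2 (e.g. a DHCP pool end).
ip_in_intlan() {
    check_intlan "$2" || return 1
    host=$(ip_to_int "$1") || return 1
    [ $(( host >> (32 - prefix) )) -eq $(( net >> (32 - prefix) )) ]
}

# The value from the posted script, then the /24 suggested in the reply.
for lan in "192.168.1.0/150" "192.168.1.0/24"; do
    if check_intlan "$lan"; then
        echo "INTLAN=$lan ok"
    else
        echo "INTLAN=$lan rejected"
    fi
done
```

With a /24 the pool can still end at .150; that limit belongs in the DHCP server's range setting, not in INTLAN.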
2. This following section doesn't seem to match what you told us:
# NOTE: If this doesnt EXACTLY fit your configuration, you must
# change the EXTIF or INTIF variables above. For example:
#
# If you are a PPPoE or analog modem user:
#
# EXTIF="ppp0"
#
# ** Please change this to reflect your specific configuration **
#
EXTIF="ppp0"
INTIF="eth0"
I thought you wanted:
EXTIF="eth1"
INTIF="eth0"
I filled in ppp0 there because of their statement If you are a PPPoE or analog modem user: EXTIF="ppp0"
I got 2 nics installed, eth0 for internal eth1 is directly connected to the DSL Modem. It's PPPoE and I establish the connection via pon dsl-provider. Although I don't see a ppp0 connection in ifconfig after establishing the connection, just eth1.
Changed to eth1.
3
Code:
3. Did you write in this "150"? I would have thought you wanted "24"
INTLAN="192.168.1.0/150"
I raised DHCP and the value in the script to 150
4
All right, changed
Also adjusted resolv.conf to the IP of my ISP Nameserver.
I checked my kernel once again -> 2.2.20-idepci . That one should be compatible, isn't it? (Used the manual for 2.2.x Kernels)
However I'm still getting : Bad interpreter : No such file or directory
The sbin paths are all correct. ( Checked with locate )
2.2.20-idepci - That one should be compatible, isn't it?
I don't know. That's why I asked:
Quote:
Did you check your kernel for compatibility as described in the first section of the HOWTO?
- that is to say the howto tells you how to test your kernel.
If you find you need a new kernel, don't be afraid if you haven't done it before - the HOWTO tells you exactly what options you need, and you can use your current config for the rest.
Just do
apt-get install kernel-source-of-your-choice
cd /usr/src/
tar xjvf kernel-source-blah-blah.bz2
rm linux (if it exists)
ln -s $(whatever the name of the new directory is) linux
cp /boot/config-2.2.20-idepci /usr/src/linux
cd linux
make menuconfig or make xconfig
and have a printout of the relevant section of the HOWTO to tell you how to fill in the relevant options.